Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/5Bh9FgmflHXxe5GmPRz8PVD3zfw.roa
File:                     5Bh9FgmflHXxe5GmPRz8PVD3zfw.roa (raw, json)
Hash identifier:          kDLz5Pnu2hEMAIwf6lkfKB1WnkyFIe+sVCyOKc/QTLc=
Subject key identifier:   E4:18:7D:16:09:9F:94:75:F1:7B:91:A6:3D:1C:FC:3D:50:F7:CD:FC
Certificate issuer:       /CN=6d7092321d77b6e5dcb7ca505d743a238008d4f2
Certificate serial:       019E30CE739E63EECFB0DF4E9056200EF93F
Authority key identifier: 6D:70:92:32:1D:77:B6:E5:DC:B7:CA:50:5D:74:3A:23:80:08:D4:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXCSMh13tuXct8pQXXQ6I4AI1PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/5Bh9FgmflHXxe5GmPRz8PVD3zfw.roa
Signing time:             Sat 16 May 2026 12:41:36 +0000
ROA not before:           Sat 16 May 2026 12:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213640
IP address blocks:        185.60.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/bXCSMh13tuXct8pQXXQ6I4AI1PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/bXCSMh13tuXct8pQXXQ6I4AI1PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXCSMh13tuXct8pQXXQ6I4AI1PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 06:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:30:ce:73:9e:63:ee:cf:b0:df:4e:90:56:20:0e:f9:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d7092321d77b6e5dcb7ca505d743a238008d4f2
        Validity
            Not Before: May 16 12:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e4187d16099f9475f17b91a63d1cfc3d50f7cdfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5d:f4:88:4c:4b:fc:45:d6:5d:de:03:8a:59:
                    d8:7f:7a:9a:11:e1:84:70:10:1f:6a:91:0d:6f:12:
                    9c:c2:26:de:73:25:87:45:51:5e:ed:f7:6f:5f:8d:
                    20:2b:ef:f3:fb:80:df:e5:cc:f2:69:3e:cc:d6:59:
                    18:75:51:8c:15:3c:f5:02:f2:42:30:0d:46:34:04:
                    7b:5c:97:08:52:d0:9f:08:cc:cd:9a:e9:83:d0:34:
                    ad:0b:be:43:92:cb:7d:ad:7a:14:d0:9c:91:e4:78:
                    b4:c2:e5:91:16:37:80:35:ec:dd:62:99:b8:d8:e5:
                    c2:dd:24:8d:dc:e0:1d:59:25:63:f4:32:63:72:28:
                    03:1f:59:77:2d:12:ec:0a:ec:4b:2b:78:b6:b9:42:
                    92:6f:94:8c:32:6d:44:45:a1:a1:6b:4e:ff:e9:c8:
                    27:c1:e1:6d:33:0d:57:9f:e3:79:a5:88:e5:6b:a4:
                    4f:16:8d:70:18:10:b9:15:71:d0:13:f1:b5:8a:ad:
                    42:4c:9f:7e:53:54:15:2d:bd:3f:1a:ff:2c:33:43:
                    c3:f5:00:35:ee:8f:d3:d4:ff:41:c0:72:24:99:f8:
                    ae:c5:17:9d:d6:bb:ae:84:b9:e1:f2:ed:14:c2:35:
                    b4:21:8f:4d:d6:d8:9b:cc:61:13:7e:7e:d5:3c:65:
                    e1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:18:7D:16:09:9F:94:75:F1:7B:91:A6:3D:1C:FC:3D:50:F7:CD:FC
            X509v3 Authority Key Identifier:
                keyid:6D:70:92:32:1D:77:B6:E5:DC:B7:CA:50:5D:74:3A:23:80:08:D4:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXCSMh13tuXct8pQXXQ6I4AI1PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/5Bh9FgmflHXxe5GmPRz8PVD3zfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/fbf13e-e25b-497a-be55-3847f4f24ea7/1/bXCSMh13tuXct8pQXXQ6I4AI1PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:8b:95:24:6b:e0:70:9c:36:c0:ca:65:ce:f7:9c:e8:a6:67:
         78:c7:fc:1f:74:83:b8:1e:39:5f:30:dc:19:7d:1e:0d:fd:0a:
         a7:6e:74:9a:8a:ce:53:24:2e:dd:a6:88:02:bb:6d:8b:19:25:
         5b:f4:90:2f:ca:1b:ba:56:68:10:12:73:26:10:ec:d6:ac:16:
         3b:f9:1f:9c:d9:5e:da:b0:eb:ac:2b:1f:a4:c9:da:cd:cb:19:
         74:a2:e2:85:a2:41:0a:6a:8c:69:c7:e3:62:e2:73:fa:3a:de:
         2b:a1:19:a7:cb:d5:c9:2c:b6:ef:64:b7:e0:4a:22:eb:50:fa:
         a9:4f:bf:22:1d:59:d7:bd:9f:3a:58:87:dd:ca:49:f3:ab:d0:
         c7:42:2d:f3:de:24:db:c8:1c:f7:89:cb:b6:11:bd:54:09:66:
         1a:1f:fa:65:9d:3c:ef:4b:78:d8:cb:ba:96:c8:af:0c:b9:93:
         53:16:fd:93:3b:81:0d:09:7b:12:cc:dd:ab:84:76:63:e5:04:
         6a:ff:5e:bb:46:b5:41:d5:f2:26:f6:a6:51:40:c3:c9:57:34:
         b2:22:97:54:5f:22:e8:b1:af:b3:af:b3:35:f7:e4:11:95:6a:
         86:57:54:d8:52:8d:5b:2c:bc:6d:e6:30:27:5c:75:38:c3:df:
         48:55:5f:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4wznOeY+7PsN9OkFYgDvk/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzA5MjMyMWQ3N2I2ZTVkY2I3Y2E1MDVkNzQzYTIzODAw
OGQ0ZjIwHhcNMjYwNTE2MTI0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDE4N2QxNjA5OWY5NDc1ZjE3YjkxYTYzZDFjZmMzZDUwZjdjZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyV30iExL/EXWXd4DilnYf3qaEeGE
cBAfapENbxKcwibecyWHRVFe7fdvX40gK+/z+4Df5czyaT7M1lkYdVGMFTz1AvJC
MA1GNAR7XJcIUtCfCMzNmumD0DStC75Dkst9rXoU0JyR5Hi0wuWRFjeANezdYpm4
2OXC3SSN3OAdWSVj9DJjcigDH1l3LRLsCuxLK3i2uUKSb5SMMm1ERaGha07/6cgn
weFtMw1Xn+N5pYjla6RPFo1wGBC5FXHQE/G1iq1CTJ9+U1QVLb0/Gv8sM0PD9QA1
7o/T1P9BwHIkmfiuxRed1ruuhLnh8u0UwjW0IY9N1tibzGETfn7VPGXhCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQYfRYJn5R18XuRpj0c/D1Q9838MB8GA1UdIwQY
MBaAFG1wkjIdd7bl3LfKUF10OiOACNTyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhDU01oMTN0dVhjdDhwUVhYUTZJNEFJMVBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mYmYxM2UtZTI1Yi00OTdhLWJlNTUt
Mzg0N2Y0ZjI0ZWE3LzEvNUJoOUZnbWZsSFh4ZTVHbVBSejhQVkQzemZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mYmYxM2UtZTI1Yi00OTdhLWJlNTUtMzg0N2Y0ZjI0ZWE3
LzEvYlhDU01oMTN0dVhjdDhwUVhYUTZJNEFJMVBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTzcMA0G
CSqGSIb3DQEBCwUAA4IBAQCOi5Uka+BwnDbAymXO95zopmd4x/wfdIO4HjlfMNwZ
fR4N/QqnbnSais5TJC7dpogCu22LGSVb9JAvyhu6VmgQEnMmEOzWrBY7+R+c2V7a
sOusKx+kydrNyxl0ouKFokEKaoxpx+Ni4nP6Ot4roRmny9XJLLbvZLfgSiLrUPqp
T78iHVnXvZ86WIfdyknzq9DHQi3z3iTbyBz3icu2Eb1UCWYaH/plnTzvS3jYy7qW
yK8MuZNTFv2TO4ENCXsSzN2rhHZj5QRq/167RrVB1fIm9qZRQMPJVzSyIpdUXyLo
sa+zr7M19+QRlWqGV1TYUo1bLLxt5jAnXHU4w99IVV+W
-----END CERTIFICATE-----